CN103634324B - Method for real-time monitoring of certificates - Google Patents
Method for real-time monitoring of certificates
- Publication number: CN103634324B (application CN201310659155.1A)
- Authority: CN (China)
- Prior art keywords: certificate, file, client, newly added
- Legal status: Expired - Fee Related (the legal status is an assumption made by Google Patents and is not a legal conclusion)
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for real-time monitoring of certificates and belongs to the field of information security. The method comprises: a client monitors a preset directory; if a file is added, the client obtains the newly added file, parses the newly added certificate out of it and, when the newly added certificate satisfies a preset filter condition, updates the certificate list maintained by the client according to the newly added certificate, then returns to monitoring the preset directory; if a file is removed, the client reads the removed file from a file storage area, parses the removed certificate out of the removed file and, when the removed certificate satisfies the preset filter condition, updates the certificate list maintained by the client according to the removed certificate, then returns to monitoring the preset directory. With the scheme of the invention, certificate registration and deregistration events can be monitored effectively, so that the client can handle them in real time, and certificates can be filtered at the same time.
Description
Technical field
The present invention relates to the field of information security, and in particular to a method for real-time monitoring of certificates.
Background art
A digital certificate is a set of data that identifies the parties in Internet communication. It provides a way to verify identity on the Internet and plays a role similar to a driver's licence or an identity card in daily life. It is issued by an authority, the CA, also called the certificate authority (Certificate Authority), and people can use it to recognise the identity of the other party online.
A digital certificate is a file that contains the owner information of a public key together with the public key itself, digitally signed by the certificate authority.
In the prior art, a client cannot learn in real time whether a certificate has been registered or deregistered, nor can it learn the certificate's issuing organization.
Summary of the invention
The object of the invention is to overcome the above deficiency of the prior art by providing a method for real-time monitoring of certificates.
The technical solution adopted by the invention is a method for real-time monitoring of certificates, comprising:
Step S1: the client creates a file storage area, enumerates the files under a preset directory, and saves the files under the preset directory that contain certificates into the file storage area;
Step S2: the client monitors the preset directory and determines how the files under it have changed; if a file has been added, step S3 is performed, and if a file has been removed, step S6 is performed;
Step S3: the client reads the newly added file under the preset directory and parses it to determine whether a certificate can be parsed out of the newly added file; if so, the newly added file is saved into the file storage area, the certificate obtained from the newly added file is taken as the newly added certificate, a certificate context is created for the newly added certificate and step S4 is performed; otherwise the method returns to step S2;
Step S4: the client determines, according to the certificate context, whether the newly added certificate satisfies a preset filter condition; if so, step S5 is performed, otherwise the method returns to step S2;
Step S5: the client updates the certificate list maintained by the client according to the newly added certificate and returns to step S2;
Step S6: the client reads the removed file from the file storage area, parses it, and obtains the certificate from the removed file as the removed certificate;
Step S7: the client deletes the removed file from the file storage area and determines whether the removed certificate satisfies the preset filter condition; if so, step S8 is performed, otherwise the method returns to step S2;
Step S8: the client updates the certificate list maintained by the client according to the removed certificate and returns to step S2.
Step S2 is specifically: each time a preset duration of system time elapses, the client enumerates the files under the preset directory and compares them with the files in the file storage area to determine whether the files under the preset directory have changed; if a file has been added, step S3 is performed, and if a file has been removed, step S6 is performed.
Alternatively, step S2 is specifically:
Step a1: the client creates an I/O device for the preset directory;
Step a2: the client creates an I/O completion port for the I/O device and associates the preset directory with the I/O completion port;
Step a3: the client calls the function that obtains the I/O completion port status and determines from its return value whether the files under the preset directory have changed; if so, step a4 is performed, otherwise step a3 continues to be executed;
Step a4: the client calls the function that obtains the preset directory's modification information, obtains the modification information of the files under the preset directory, and determines from it the type of change; if a file has been added, step S3 is performed, and if a file has been removed, step S6 is performed.
Alternatively, step S2 is specifically: the client creates a notification message and monitors the preset directory through it; when a notification message is generated, the client calls the function that obtains the preset directory's modification information, learns the type of change of the files under the preset directory, and performs step S3 if a file has been added or step S6 if a file has been removed.
Reading the newly added file under the preset directory in step S3 is specifically: the client compares the files under the preset directory with the files in the file storage area, and the files under the preset directory that differ from those in the file storage area are taken as newly added files.
Step S3 is specifically:
Step A: the client reads the newly added file under the preset directory and determines whether the preset byte data can be found in the newly added file; if so, step B is performed, otherwise the method returns to step S2;
Step B: the client saves the newly added file into the file storage area;
Step C: the client takes the data of a preset length that follow the preset byte data as the length mark of the newly added certificate, and calculates from that length mark the length of the newly added certificate within the newly added file;
Step D: the client obtains from the newly added file, according to the length of the newly added certificate, the newly added certificate that follows the length mark;
Step E: the client creates a certificate context for the newly added certificate and performs step S4.
Determining in step S4, according to the certificate context, whether the newly added certificate satisfies the preset filter condition is specifically: determining whether the certificate issuer in the certificate context is a preset issuing organization and/or determining whether the certificate user in the certificate context is a preset user.
Determining whether the certificate issuer in the certificate context is the preset issuing organization is specifically: determining whether the certificate issuer contains the special string of the preset issuing organization; if so, the newly added certificate was issued by the preset issuing organization, otherwise it was not.
Determining whether the certificate user in the certificate context is the preset user is specifically: determining whether the certificate user contains the special string of the preset user; if so, the newly added certificate is used by the preset user, otherwise it is not.
Step S5 is specifically:
Step c1: the client opens the specified certificate store according to the certificate type of the newly added certificate;
Step c2: the client searches the specified certificate store for the certificates that satisfy the preset filter condition and saves them into a certificate storage area;
Step c3: the client saves the newly added certificate into the certificate storage area;
Step c4: the client deletes the certificates in the certificate list maintained by the client and saves the certificates in the certificate storage area into that certificate list.
Step S8 is specifically:
Step d1: the client deletes the removed certificate from the certificate storage area;
Step d2: the client deletes the certificate list maintained by the client and saves the certificates in the certificate storage area into that certificate list.
Alternatively, step S8 is specifically:
Step e1: the client opens the specified certificate store according to the certificate type of the removed certificate;
Step e2: the client searches the specified certificate store for the certificates that satisfy the preset filter condition and saves them into the certificate storage area;
Step e3: the client deletes the removed certificate from the certificate storage area;
Step e4: the client deletes the certificates in the certificate list maintained by the client and saves the certificates in the certificate storage area into that certificate list.
Reading the removed file from the file storage area in step S6 is specifically: the client obtains from the file storage area the file that no longer exists under the preset directory and takes it as the removed file.
Determining in step S7 whether the removed certificate satisfies the preset filter condition is specifically: the client obtains the certificate context of the removed file from the removed file, obtains the certificate issuer or the certificate user from that certificate context, and determines whether the certificate issuer is the preset issuing organization and/or whether the certificate user is the preset user.
Determining whether the certificate issuer is the preset issuing organization is specifically: determining whether the certificate issuer contains the special string of the preset issuing organization; if so, the removed certificate was issued by the preset issuing organization, otherwise it was not.
Determining whether the certificate user is the preset user is specifically: determining whether the certificate user contains the special string of the preset user; if so, the removed certificate is used by the preset user, otherwise it is not.
The beneficial effect obtained by the invention is: with the scheme of the invention, certificate registration and deregistration can be monitored effectively, so that the client can handle certificate registration and deregistration events in real time. Certificates can be filtered at the same time, and certificate attribute information such as the issuing organization of a certificate can be obtained.
Brief description of the drawings
In order to explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention, and those of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of the method for real-time monitoring of certificates provided in embodiment 1 of the invention;
Fig. 2 is a detailed flow chart of step 102 of embodiment 1 of the invention.
Embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Embodiment 1
Embodiment 1 of the invention provides a method for realizing digital certificate management, comprising:
When a certificate is registered into the system, its certificate information is written into a file under a preset directory in order to maintain the certificate; when a certificate is deregistered from the system, its certificate information is deleted from under the preset directory.
Referring to Fig. 1, in the present embodiment certificate registration and deregistration events are monitored by monitoring the changes of the files under the preset directory, specifically:
Step 101: the client creates a file storage area, enumerates the files under the preset directory, and saves the files under the preset directory that contain certificates into the file storage area;
In the present embodiment the file storage area holds the files under the preset directory that contain certificates; by comparing the files under the preset directory with those in the file storage area, the client learns whether a file under the preset directory has been added or removed;
Step 102: the client monitors the preset directory and determines how the files under it have changed; if a file has been added, step 103 is performed, and if a file has been removed, step 108 is performed;
When the client observes that a file has been added under the preset directory, a certificate registration event has occurred; when it observes that a file has been removed from the preset directory, a certificate deregistration event has occurred;
In the present embodiment, preferably, the client monitors the changes of the files under the preset directory as follows: each time a preset duration of system time (for example 1 s) elapses, the client enumerates the files under the preset directory and determines whether they have changed; if a file has been added or removed, a certificate registration or deregistration event has occurred;
Referring to Fig. 2, step 102 may alternatively be:
Step a1: the client creates an I/O device for the preset directory;
In the present embodiment the I/O device is created for the preset directory by calling the Win32 CreateFile function with the following parameters: lpFileName is the full path of the preset directory; dwDesiredAccess is the access mode of the file or device and lists the permissions on the contents of the preset directory; dwShareMode is the read/write sharing mode; lpSecurityAttributes is a pointer to security attributes and is NULL in the present embodiment; dwCreationDisposition is the action to take depending on whether the file or device exists, and in the present embodiment is OPEN_EXISTING, i.e. the file or device is opened only if it exists; dwFlagsAndAttributes holds the attributes and flags of the file or device, and in the present embodiment is FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OVERLAPPED, i.e. the handle is opened for asynchronous I/O and with backup/restore semantics (the latter flag is what allows a handle to a directory, rather than a file, to be opened); hTemplateFile is a valid handle to a template file with GENERIC_READ access and is NULL in the present embodiment. The function returns the I/O device handle of the preset directory;
Step a2: the client creates an I/O completion port for the I/O device and associates the preset directory with the I/O completion port;
In the present embodiment this is done by calling CreateIoCompletionPort, where FileHandle is the I/O device handle of the preset directory; ExistingCompletionPort is NULL; CompletionKey is a completion key, which in the present embodiment is the preset directory's message structure CDirWatchInfo; NumberOfConcurrentThreads is the maximum number of threads that may be running concurrently on the I/O completion port at the same time, and in the present embodiment is 0, i.e. the I/O completion port uses the default value, which allows as many concurrently running threads as the host has CPUs;
Step a3: the client calls the function that obtains the I/O completion port status (GetQueuedCompletionStatus) and determines from its return value whether the files under the preset directory have changed; if so, step a4 is performed, otherwise step a3 continues to be executed;
In the present embodiment the client calls this function repeatedly; when a file under the preset directory changes, a corresponding notification is queued on the I/O completion port, and the client's next call then returns TRUE, indicating that a file under the preset directory has been added or removed;
Step a4: the client calls the function that obtains file modification information (ReadDirectoryChangesW) to learn the type of change of the files under the preset directory; if a file has been added, step 103 is performed, and if a file has been removed, step 108 is performed;
In the present embodiment the function that obtains file modification information returns the information about the modification of the files under the preset directory, and the type of change is determined from that information.
Alternatively, step 102 may be: the client creates a notification message, monitors the preset directory through it and, when a notification message is generated, calls the function that obtains file modification information to learn the type of change of the files under the preset directory; if a file has been added, step 103 is performed, and if a file has been removed, step 108 is performed;
Step 103: the client reads the newly added file under the preset directory, parses it, and determines whether a certificate can be parsed out of the newly added file; if so, step 104 is performed, otherwise the method returns to step 102;
In the present embodiment, reading the newly added file is specifically: the client compares the files under the preset directory with those in the file storage area, and the files under the preset directory that differ from those in the file storage area are taken as newly added files;
In the present embodiment step 103 is specifically:
Step 103-1: the client reads the newly added file under the preset directory;
For example, in the present embodiment the newly added file is:
Step 103-2: the client parses the newly added file and determines whether it contains a certificate; if so, the newly added certificate is obtained and step 104 is performed, otherwise the newly added file is ignored;
In the present embodiment the information in the file header includes certificate registration information such as the CSP name;
Specifically: the preset byte data are located in the newly added file; the preset byte data are 0x20 00 00 00 01 00 00 00. Once the preset byte data are found, the data of a preset length that follow them, preferably 4 bytes, are taken as the length mark of the newly added certificate. In the present embodiment the length mark of the newly added certificate is 0xa4 02 00 00. The length of the newly added certificate is calculated by ordering the bytes of the length mark from the low-order byte to the high-order byte, i.e. the length mark is a little-endian integer; in the above example the length of the newly added certificate is 0x02a4. The newly added certificate that follows the length mark is read according to the certificate length so obtained, and is:
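The following is an added example, not code from the patent, showing the polling form of step 102 together with the file parsing of step 103-2: a storage area keyed by file name is built from the directory (step 101), the directory is compared with it to detect added and removed files, and each file is scanned for the 0x20 00 00 00 01 00 00 00 marker followed by a little-endian length mark and the certificate bytes. The polling variant is used rather than the I/O completion port so that the example runs on any platform; the file names, the header bytes before the marker and the five-byte placeholder "certificate" are constructed for the demonstration and are not a real DER certificate.

```python
import os
import struct
import tempfile

# Marker described in step 103-2: 0x20 00 00 00 01 00 00 00, followed by a 4-byte
# little-endian length mark and then the DER-encoded certificate.
CERT_MARKER = bytes.fromhex("2000000001000000")


def snapshot(directory):
    """Step 101: the 'file storage area', a dict {file name: file bytes}.
    Contents are kept, not just names, so that a file which later disappears
    from the directory can still be parsed (step 108)."""
    store = {}
    with os.scandir(directory) as entries:
        for entry in entries:
            if entry.is_file():
                with open(entry.path, "rb") as f:
                    store[entry.name] = f.read()
    return store


def diff_directory(directory, store):
    """Step 102, polling variant: compare the current listing with the storage
    area and return (added names, removed names), both sorted."""
    with os.scandir(directory) as entries:
        current = {e.name for e in entries if e.is_file()}
    known = set(store)
    return sorted(current - known), sorted(known - current)


def extract_certificate(blob):
    """Steps 103-2 / A-D: find the marker, read the little-endian length mark
    that follows it and return the certificate bytes, or None if the file
    holds no complete certificate record."""
    pos = blob.find(CERT_MARKER)
    if pos < 0:
        return None
    length_at = pos + len(CERT_MARKER)
    if length_at + 4 > len(blob):
        return None
    (length,) = struct.unpack_from("<I", blob, length_at)   # a4 02 00 00 -> 0x02a4
    cert = blob[length_at + 4 : length_at + 4 + length]
    return cert if len(cert) == length else None          # truncated record


def poll_once(directory, store):
    """One monitoring cycle: returns (event, file name, certificate) tuples and
    updates `store` in place. Files without a certificate record are not stored
    (step 103 returns to step 102), so they are re-examined every cycle."""
    events = []
    added, removed = diff_directory(directory, store)
    for name in added:
        with open(os.path.join(directory, name), "rb") as f:
            data = f.read()
        cert = extract_certificate(data)
        if cert is None:
            continue
        store[name] = data                       # step 104
        events.append(("registered", name, cert))
    for name in removed:
        data = store.pop(name)                   # steps 108-109
        events.append(("unregistered", name, extract_certificate(data)))
    return events


def demo():
    """Constructed scenario: one certificate record and one unrelated file are
    written, the directory is polled, the record is deleted and polled again."""
    fake_der = b"\x30\x03\x02\x01\x01"   # constructed placeholder, not a real certificate
    record = (b"CSP name and other header bytes" + CERT_MARKER
              + struct.pack("<I", len(fake_der)) + fake_der)
    with tempfile.TemporaryDirectory() as directory:
        store = snapshot(directory)              # step 101 on an empty directory
        with open(os.path.join(directory, "user.cer"), "wb") as f:
            f.write(record)
        with open(os.path.join(directory, "notes.txt"), "wb") as f:
            f.write(b"no marker here")
        first = poll_once(directory, store)
        os.remove(os.path.join(directory, "user.cer"))
        second = poll_once(directory, store)
    return first, second, sorted(store)


if __name__ == "__main__":
    print(demo())
```

Keeping the whole file content in the storage area is what makes the deregistration branch work: once the file is gone from the directory, the only copy of the removed certificate is the one in the store, so the store must be populated before the first poll.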
Step 104: the client saves the newly added file into the file storage area;
Step 105: the client obtains the certificate from the newly added file as the newly added certificate and creates a certificate context for it;
In the present embodiment the certificate context includes certificate attributes such as the certificate issuer and the certificate user; the newly added certificate can be parsed, and then filtered using the certificate issuer and/or certificate user obtained from the parsing;
In the present embodiment the certificate context is created for the newly added certificate by calling CertCreateCertificateContext, where dwCertEncodingType is the encoding type of the newly added certificate, which in the present embodiment is DER encoding, since the certificate parsed out of the newly added file is DER-encoded; pbCertEncoded points to the DER-encoded newly added certificate; and cbCertEncoded is the length of the DER-encoded newly added certificate;
In the present embodiment the name of the newly added certificate, which is of the CERT_NAME_BLOB structure type, is converted into a string by calling:
    DWORD WINAPI CertNameToStr(
        _In_  DWORD           dwCertEncodingType,
        _In_  PCERT_NAME_BLOB pName,
        _In_  DWORD           dwStrType,
        _Out_ LPTSTR          psz,
        _In_  DWORD           csz);
Here dwCertEncodingType is the encoding type of the newly added certificate, which in the present embodiment is DER encoding; pName is the name of CERT_NAME_BLOB structure type, which in the present embodiment is pCertContext->pCertInfo->Subject for the certificate subject and pCertContext->pCertInfo->Issuer for the certificate issuer; dwStrType is the type of the converted string, preferably CERT_SIMPLE_NAME_STR (note that CERT_SIMPLE_NAME_STR discards the attribute type names; the attribute=value form shown in the example below is what CERT_X500_NAME_STR produces); psz receives the converted string; and csz is the size of that buffer in characters, the function returning the number of characters required, so it is commonly called once with psz set to NULL to learn the size and then again with a buffer of that size;
For example, the certificate subject in the present embodiment is CN=asd6190113, OU=Individual4, OU=CMBC_DCMS, O=CMBC, C=CN, and the certificate issuer is O=CFCA SM2 TEST OCA21, C=CN;
Step 106: the client determines, according to the certificate context, whether the newly added certificate satisfies the preset filter condition; if so, step 107 is performed, otherwise the method returns to step 102;
In the present embodiment, determining whether the newly added certificate satisfies the preset filter condition is specifically: by checking the certificate information of the certificate issuer and/or certificate user in the certificate context, determining whether the issuer information is the preset issuing organization and/or whether the certificate user is the preset user;
Preferably, determining whether the newly added certificate satisfies the preset filter condition is specifically: determining whether the certificate issuer contains the special string of the preset issuing organization; if so, the certificate was issued by the preset issuing organization, i.e. it satisfies the preset filter condition;
In the present embodiment the special string of the preset issuing organization is "CFCA": the client checks whether the certificate issuer string contains the string "CFCA"; if so, the filter condition is satisfied, otherwise corresponding information is returned, for example a prompt that the filter condition is not satisfied;
Alternatively, the present embodiment may also determine whether the certificate user contains the special string "CMBC" of the preset user; if so, the certificate is used by the preset user and satisfies the preset filter condition;
Step 107: the client updates the certificate list maintained by the client according to the newly added certificate and returns to step 102;
In the present embodiment step 107 is specifically:
Step c1: the client opens the specified certificate store according to the certificate type of the newly added certificate;
In the present embodiment, if the certificate type of the newly added certificate is a personal certificate, the personal certificate store is opened; if it is a root certificate, the root certificate store is opened;
Step c2: the client searches the specified certificate store for the certificates that satisfy the preset filter condition and saves them into the certificate storage area;
Step c3: the client saves the newly added certificate into the certificate storage area;
Step c4: the client deletes the certificates in the certificate list maintained by the client and saves the certificates in the certificate storage area into that certificate list;
In the present embodiment this is specifically: a first callback function is called, which deletes the certificates in the certificate list maintained by the client and saves the certificates in the certificate storage area into that list. The first callback function is WhenRegCert(), which handles certificate registration events: when a certificate is added, the present embodiment updates the certificate list maintained by the client and displays it on the client;
Step 108: the client reads the removed file from the file storage area, parses it, and obtains the certificate from the removed file as the removed certificate;
In the present embodiment, reading the removed file is specifically: the client compares all files under the preset directory with the file information in the file storage area; a file that exists in the file storage area but no longer exists under the preset directory is the removed file;
In the present embodiment, parsing the removed file is specifically:
Step 108-1: the client compares the names of all files under the preset directory with the file names in the file information held in the file storage area, thereby learns the name of the file removed from the preset directory, and reads the removed file from the file storage area;
Step 108-2: the client parses the removed file and obtains the removed certificate;
In the present embodiment the client parses the removed file to obtain the removed certificate, i.e. it obtains the context of the corresponding certificate from the file information according to the file name and from it obtains the removed certificate;
Step 109: the client deletes the removed file from the file storage area;
Step 110: the client determines whether the removed certificate satisfies the preset filter condition; if so, step 111 is performed, otherwise the method returns to step 102;
Specifically: the client obtains the certificate context of the removed certificate and determines from it whether the removed certificate satisfies the preset filter condition; if so, step 111 is performed, otherwise the method returns to step 102;
Step 111: the client updates the certificate list maintained by the client according to the removed certificate and returns to step 102.
In the present embodiment, the preferred way of updating the certificate list maintained by the client according to the removed certificate is:
Step d1: the client deletes the removed certificate from the certificate storage area;
Step d2: the client deletes the certificates in the certificate list maintained by the client and saves the certificates in the certificate storage area into that certificate list;
In addition, in the present embodiment step 111 may also be:
Step e1: the client opens the specified certificate store according to the certificate type of the removed certificate;
In the present embodiment, if the certificate type of the removed certificate is a personal certificate, the personal certificate store is opened; if it is a root certificate, the root certificate store is opened;
Step e2: the client searches the specified certificate store for the certificates that satisfy the preset filter condition and saves them into the certificate storage area;
Step e3: the client deletes the removed certificate from the certificate storage area;
Step e4: the client deletes the certificates in the certificate list maintained by the client and saves the certificates in the certificate storage area into that certificate list;
In the present embodiment this is specifically: a second callback function is called, which deletes the certificates in the certificate list maintained by the client and saves the certificates in the certificate storage area into that list. The second callback function is WhenUnRegCert(), which handles certificate deregistration events: when a certificate deregistration event occurs, it updates the certificate list maintained by the client and displays it on the page.
The foregoing is only a specific embodiment of the invention, but protection scope of the present invention is not limited thereto, any
Those familiar with the art the invention discloses technical scope in, change or replacement can be readily occurred in, should all be contained
Cover within protection scope of the present invention.Therefore, protection scope of the present invention described should be defined by right protection domain to be asked.
Claims (16)
1. A method for monitoring certificates in real time, characterised in that it includes:
Step S1: The client creates a file storage area, enumerates the files under a predetermined directory, and saves the files under the predetermined directory that contain certificates into the file storage area;
Step S2: The client monitors the predetermined directory and judges the change of files under the predetermined directory; if a file is added, step S3 is performed; if a file is removed, step S6 is performed;
Step S3: The client reads the newly added file under the predetermined directory, parses the newly added file, and judges whether a certificate can be parsed from the newly added file; if so, it saves the newly added file into the file storage area, obtains the certificate from the newly added file as the newly added certificate, creates a certificate context for the newly added certificate, and performs step S4; otherwise it returns to step S2;
Step S4: The client judges, according to the certificate context, whether the newly added certificate meets a preset filter condition; if so, step S5 is performed, otherwise it returns to step S2;
Step S5: The client updates the client-maintained certificate list according to the newly added certificate and returns to step S2;
Step S6: The client reads the removed file from the file storage area, parses the removed file, and obtains the certificate from the removed file as the removed certificate;
Step S7: The client deletes the removed file from the file storage area and judges whether the removed certificate meets the preset filter condition; if so, step S8 is performed, otherwise it returns to step S2;
Step S8: The client updates the client-maintained certificate list according to the removed certificate and returns to step S2.
2. The method according to claim 1, characterised in that step S2 is specifically: each time the system time advances by a preset duration, the client enumerates the files under the predetermined directory and compares them with the files in the file storage area to judge whether the files under the predetermined directory have changed; if a file is added, step S3 is performed; if a file is removed, step S6 is performed.
3. The method according to claim 1, characterised in that step S2 is specifically:
Step a1: The client creates an I/O device for the predetermined directory;
Step a2: The client creates an I/O completion port for the I/O device and associates the predetermined directory with the I/O completion port;
Step a3: The client calls the function that obtains the I/O completion port status and judges, according to the return value of that function, whether the files under the predetermined directory have changed; if so, step a4 is performed, otherwise step a3 continues to be performed;
Step a4: The client calls the function that obtains the predetermined directory's modification information, obtains the information on the file modification under the predetermined directory, and judges from that information the type of change of the files under the predetermined directory; if a file is added, step S3 is performed; if a file is removed, step S6 is performed.
4. The method according to claim 1, characterised in that step S2 is specifically: the client creates a notification message and monitors the predetermined directory through the notification message; when a notification message occurs, the client calls the function that obtains the predetermined directory's modification information, learns the change type of the files under the predetermined directory, and performs step S3 if a file is added or step S6 if a file is removed.
5. The method according to claim 1, characterised in that, in step S3, reading the newly added file under the predetermined directory is specifically: the client compares the files under the predetermined directory with the files in the file storage area and obtains, under the predetermined directory, the file that differs from the files in the file storage area as the newly added file.
6. The method according to claim 1, characterised in that step S3 is specifically:
Step A: The client reads the newly added file under the predetermined directory and judges whether the preset byte data can be obtained from the newly added file; if so, step B is performed, otherwise it returns to step S2;
Step B: The client saves the newly added file into the file storage area;
Step C: The client takes the data of a preset length following the preset byte data as the length mark of the newly added certificate, and calculates from the length mark of the newly added certificate the length of the certificate newly added in the newly added file;
Step D: The client obtains, from the newly added file, the newly added certificate that follows the length mark of the newly added certificate, according to the length of the newly added certificate;
Step E: The client creates a certificate context for the newly added certificate and performs step S4.
7. The method according to claim 1, characterised in that, in step S4, judging according to the certificate context whether the newly added certificate meets the preset filter condition is specifically: judging whether the certificate issuer in the certificate context is the preset issuing organization, and/or judging whether the certificate user in the certificate context is the preset user.
8. The method according to claim 7, characterised in that judging whether the certificate issuer in the certificate context is the preset issuing organization is specifically: judging whether the certificate issuer contains the special string of the preset issuing organization; if so, the newly added certificate was issued by the preset issuing organization, otherwise the newly added certificate was not issued by the preset issuing organization.
9. The method according to claim 7, characterised in that judging whether the certificate user in the certificate context is the preset user is specifically: judging whether the certificate user contains the special string of the preset user; if so, the newly added certificate is used by the preset user, otherwise the newly added certificate is not used by the preset user.
10. The method according to claim 1, characterised in that step S5 is specifically:
Step c1: The client opens the specified certificate repository according to the certificate type of the newly added certificate;
Step c2: The client searches the specified certificate repository for certificates that meet the preset filter condition and stores the certificates that meet the preset filter condition in the certificate storage area;
Step c3: The client saves the newly added certificate into the certificate storage area;
Step c4: The client deletes the certificates in the client-maintained certificate list and saves the certificates in the certificate storage area into the client-maintained certificate list.
11. The method according to claim 10, characterised in that step S8 is specifically:
Step d1: The client deletes the removed certificate from the certificate storage area;
Step d2: The client deletes the client-maintained certificate list and saves the certificates in the certificate storage area into the client-maintained certificate list.
12. The method according to claim 1, characterised in that step S7 is specifically:
Step e1: The client opens the specified certificate repository according to the certificate type of the removed certificate;
Step e2: The client searches the specified certificate repository for certificates that meet the preset filter condition and stores the certificates that meet the preset filter condition in the certificate storage area;
Step e3: The client deletes the removed certificate from the certificate storage area;
Step e4: The client deletes the certificates in the client-maintained certificate list and saves the certificates in the certificate storage area into the client-maintained certificate list.
13. The method according to claim 1, characterised in that, in step S6, reading the removed file from the file storage area is specifically: the client obtains, from the file storage area, the file that does not exist under the predetermined directory as the removed file.
14. The method according to claim 1, characterised in that, in step S7, judging whether the removed certificate meets the preset filter condition is specifically: the client obtains the certificate context of the removed file, obtains from the removed file the certificate issuer or certificate user in that certificate context, and judges whether the certificate issuer is the preset issuing organization and/or judges whether the certificate user is the preset user.
15. The method according to claim 14, characterised in that judging whether the certificate issuer is the preset issuing organization is specifically: judging whether the certificate issuer contains the special string of the preset issuing organization; if so, the removed certificate was issued by the preset issuing organization, otherwise the removed certificate was not issued by the preset issuing organization.
16. The method according to claim 14, characterised in that judging whether the certificate user is the preset user is specifically: judging whether the certificate user contains the special string of the preset user; if so, the removed certificate is used by the preset user, otherwise the removed certificate was not issued by the preset issuing organization.
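The add path of claims 2, 5, 6 and 7 to 9, plus the removed-file diff of claim 13, as an added Python example that is not the patent's code: it diffs a directory listing against the file storage area, extracts a certificate by the preset SEQUENCE byte and the DER length mark, reads issuer and subject out of the certificate, and applies the substring filter. The sample certificate is a constructed DER skeleton (not a real certificate) and all function names are my own.

```python
# Added example (not the patent's code); function names and sample data are constructed here.
SEQUENCE, SET, INTEGER, OID, PRINTABLE, UTF8, CTX0 = 0x30, 0x31, 0x02, 0x06, 0x13, 0x0C, 0xA0

def der_length(data, pos):
    """Decode the DER length mark at pos -> (length, header bytes); None if truncated."""
    if pos >= len(data):
        return None
    n = data[pos] & 0x7F
    if data[pos] < 0x80:              # short form: one byte holds the length itself
        return n, 1
    if n == 0 or pos + 1 + n > len(data):
        return None                   # indefinite length is not DER, or bytes are missing
    return int.from_bytes(data[pos + 1:pos + 1 + n], "big"), 1 + n

def tlv_children(value):
    """Split a constructed DER value into its (tag, inner value) elements."""
    out, pos = [], 0
    while pos < len(value):
        ln = der_length(value, pos + 1)
        if ln is None:
            raise ValueError("truncated DER element")
        start = pos + 1 + ln[1]
        out.append((value[pos], value[start:start + ln[0]]))
        pos = start + ln[0]
    return out

def extract_certificate(blob):
    """Claim 6: preset byte (SEQUENCE tag) then length mark -> certificate bytes, else None."""
    ln = der_length(blob, 1) if blob and blob[0] == SEQUENCE else None
    if ln is None:
        return None
    end = 1 + ln[1] + ln[0]           # tag + length mark + certificate body
    return blob[:end] if end <= len(blob) else None   # None when the file is cut short

def name_strings(name_value):
    """Flatten a Name (SEQUENCE OF SET OF AttributeTypeAndValue) into its string values."""
    return ",".join(val.decode() for _, rdn in tlv_children(name_value)
                    for _, atv in tlv_children(rdn)
                    for tag, val in tlv_children(atv) if tag in (PRINTABLE, UTF8))

def issuer_and_subject(cert):
    """Certificate -> tbsCertificate; issuer/subject are the 3rd and 5th fields after version."""
    fields = tlv_children(tlv_children(tlv_children(cert)[0][1])[0][1])
    if fields[0][0] == CTX0:          # optional explicit [0] version
        fields = fields[1:]
    return name_strings(fields[2][1]), name_strings(fields[4][1])

def matches_filter(issuer, subject, preset_issuer=None, preset_user=None):
    """Claims 7-9: the preset issuer's and/or preset user's special string must appear."""
    return ((preset_issuer is None or preset_issuer in issuer)
            and (preset_user is None or preset_user in subject))

def diff_directory(dir_files, storage):
    """Claims 2, 5, 13: (newly added, removed) file names vs. the file storage area."""
    return set(dir_files) - set(storage), set(storage) - set(dir_files)

def der(tag, payload):
    """Encode one DER TLV; used only to build the constructed sample below."""
    n = len(payload)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x82, n >> 8, n & 0xFF])) + payload
def name(cn):
    return der(SEQUENCE, der(SET, der(SEQUENCE, der(OID, b"\x55\x04\x03") + der(PRINTABLE, cn.encode()))))

# Constructed sample: a DER skeleton with the field layout of an X.509 certificate (not a real cert).
SAMPLE_CERT = der(SEQUENCE, der(SEQUENCE, der(CTX0, der(INTEGER, b"\x02")) + der(INTEGER, b"\x01")
    + der(SEQUENCE, der(OID, b"\x2a")) + name("Example Root CA") + der(SEQUENCE, b"")
    + name("alice") + der(SEQUENCE, b"")) + der(SEQUENCE, der(OID, b"\x2a")) + der(0x03, b"\x00"))
```

Feeding a file that is truncated mid-certificate returns None from extract_certificate, which is the "cannot parse a certificate" branch of step S3 that returns to step S2.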
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310659155.1A CN103634324B (en) | 2013-12-09 | 2013-12-09 | A kind of method of real-time monitoring certificate |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103634324A CN103634324A (en) | 2014-03-12 |
CN103634324B true CN103634324B (en) | 2017-10-31 |
Family ID: 50214951
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310659155.1A Expired - Fee Related CN103634324B (en) | 2013-12-09 | 2013-12-09 | A kind of method of real-time monitoring certificate |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103634324B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110225013B (en) * | 2019-05-30 | 2021-11-09 | 世纪龙信息网络有限责任公司 | Service certificate monitoring and updating system |
CN110766409A (en) * | 2019-10-24 | 2020-02-07 | 深圳前海微众银行股份有限公司 | SSL certificate verification method, device, equipment and computer storage medium |
CN112114955B (en) * | 2020-09-28 | 2021-05-14 | 广州锦行网络科技有限公司 | Method for realizing single-process single-thread completion port under Windows platform |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101604268A (en) * | 2009-07-13 | 2009-12-16 | 浪潮电子信息产业股份有限公司 | A kind of method for filtering monitored directory change events |
CN102739706A (en) * | 2011-04-07 | 2012-10-17 | 腾讯科技(深圳)有限公司 | Method and system for carrying out data synchronization |
CN103095694A (en) * | 2013-01-09 | 2013-05-08 | 深圳市文鼎创数据科技有限公司 | Control method and device for digital certificate |
CN103258018A (en) * | 2013-04-27 | 2013-08-21 | 北京金和软件股份有限公司 | File synchronization method capable of accurately monitoring file changes in catalog folder |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5084592B2 (en) * | 2008-04-17 | 2012-11-28 | 株式会社リコー | Information processing device, electronic certificate issuing method, and program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20171031 |